GDPR and Mobile App Development

Data is at the heart of everything in technology, particularly mobile app development. Processing this data responsibly has always been crucially important and the introduction of The General Data Protection Act (GDPR) seeks to put more rigor around data management.

Like all companies, we have been reviewing our data management processes ahead of GDPR coming into effect. Europe’s GDPR rulings have highlighted the seriousness of customer privacy. So, let’s take a look at how GDPR affects mobile app development in all sectors.

Firstly, what is GDPR and GDPR compliance?

General Data Protection Regulation becomes enforceable throughout the EU on 25 May 2018. It is a European Regulation and it replaces a 1995 Directive. In the UK, GDPR replaces the Data Protection Act and will be enforced by the Information Commissioner’s Office (ICO), which has the power to prosecute if companies have not taken measures to combat potential vulnerabilities of sensitive data.

For readers who would like more information, you can find the full GDPR documentation online but here are the main things you need to know:

Explicit consent: Businesses must request consent to collect, use and move customer data

Right to access: Data controllers must be able to provide a copy of personal data, free of charge

Privacy by design: This concept has existed for many years already but comes under the legal requirement of GDPR. Privacy and data protection should be a key consideration through all stages of a project lifecycle

Right to be forgotten / Data Erasure: Users can request to have all their personal data deleted

Breach Notifications: Authorities and users must be notified of any potential data breach within 72 hours

All companies must be able to demonstrate that they are adhering to regulation by putting procedures in place to protect their customers data and this includes data within mobile apps. Waracle is GDPR compliant.

So, what does GDPR mean for mobile?

Mobile apps are included in GDPR regulation. As one of the UK’s largest mobile app developer companies, we think it’s important to explain what this means. The good news for all app users is that there has never been a better time for their data being protected.

As a mobile app development agency, we depend on a range of IT systems to deliver services internally and to clients. Security of these systems, the data they hold and the hardware and networks on which they operate, is essential to protect the systems and data from accidental or deliberate damage, loss or corruption.

The new legislation means that all app developers need to check the tools that they use to build apps don’t violate data protection rules. At Waracle, being experts in highly regulated industries such as digital health and financial services, that’s always been our practice.

In compliance of both the objectives and ethos of the EU General Data Protection Regulation (GDPR), Waracle employs the fundamental principles of Privacy by Design, which underpin Waracle’s strategy, policy, contractual obligations and technological developments throughout Waracle’s entire range of commercial operations.

When it comes to mobile and app security, there are a few other areas to consider.

For example, an app may be accessing personal information through the device on which it’s installed. E.g. phone numbers, messaging data, location data and camera data. It’s best practice to try to ensure that the app limits the access to data to only the required minimum it needs for the app functionality.

It’s also necessary to have an up to date clear privacy policy which sets out exactly what information the app will require and how that information is used and finally, make sure you have consent. All mobile apps need to obtain consent before collecting data. It needs to be made as clear as possible what people are consenting to and why.

Once data has been collected, the storage of the data needs to be considered. At Waracle, we’re accustomed to creating secure mobile apps following good practice including HTTPS, local encrypted storage on the device and good password management and patch management.

GDPR is a huge change regarding data privacy in the EU and will undoubtedly have a significant impact on many businesses. However, as mobile app developers have mainly designed apps with privacy in mind, GDPR is just more good news for app users in reassuring them that their data is being protected. If you would like to learn more about other trends affecting mobile app development, download one of our free whitepapers on mobile trends and mobile marketing.

About Waracle Mobile App Development

At Waracle, we’re committed to putting privacy at the heart of mobile app development and welcome the more rigorous focus. We’re working closely with our clients to ensure that every app we design and develop meets the new GDPR regulation standards.

As one of the UK’s top mobile app development companies, Waracle offer full lifecycle mobile app and digital product services through conception, design, UX, UI, development and post launch optimisation. Waracle specialises in a widening range of digital products and technology: Mobile Web, iOS, Android, Hybrid, Native, Internet of Things (IoT), Voice and Augmented Reality (AR).

If you would like help to ensure your existing app is GDPR compliant, or you would like to view our data protection policy covering data protection, data security and information security, feel free to contact us.